From aa9411f62bc4e23f0868e8187cb09c407ad13ced Mon Sep 17 00:00:00 2001 From: Aram Sargsyan Date: Mon, 4 Oct 2021 16:51:02 +0000 Subject: [PATCH] Use the special shims file for DH shims Since we now have a separate `openssl_shim.{c,h}` files in the `dns` library, we can place the exisintg shims there.
--- lib/dns/openssl_shim.c | 74 ++++++++++++++++++++++++++++++++++++++ lib/dns/openssl_shim.h | 17 +++++++++ lib/dns/openssldh_link.c | 78 +--------------------------------------- 3 files changed, 92 insertions(+), 77 deletions(-)
diff --git a/lib/dns/openssl_shim.c b/lib/dns/openssl_shim.c
index 43264b8383..1bbc10b89e 100644
--- a/lib/dns/openssl_shim.c
+++ b/lib/dns/openssl_shim.c
@@ -162,6 +162,80 @@ ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s) {
 }
 #endif /* !HAVE_ECDSA_SIG_GET0 */
+#if !HAVE_DH_GET0_KEY && OPENSSL_VERSION_NUMBER < 0x30000000L
+/*
+ * DH_get0_key, DH_set0_key, DH_get0_pqg and DH_set0_pqg
+ * are from OpenSSL 1.1.0.
+ */
+void
+DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key) {
+ if (pub_key != NULL) {
+ *pub_key = dh->pub_key;
+ }
+ if (priv_key != NULL) {
+ *priv_key = dh->priv_key;
+ }
+}
+
+int
+DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key) {
+ if (pub_key != NULL) {
+ BN_free(dh->pub_key);
+ dh->pub_key = pub_key;
+ }
+
+ if (priv_key != NULL) {
+ BN_free(dh->priv_key);
+ dh->priv_key = priv_key;
+ }
+
+ return (1);
+}
+
+void
+DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q,
+ const BIGNUM **g) {
+ if (p != NULL) {
+ *p = dh->p;
+ }
+ if (q != NULL) {
+ *q = dh->q;
+ }
+ if (g != NULL) {
+ *g = dh->g;
+ }
+}
+
+int
+DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) {
+ /* If the fields p and g in d are NULL, the corresponding input
+ * parameters MUST be non-NULL. q may remain NULL.
+ */
+ if ((dh->p == NULL && p == NULL) || (dh->g == NULL && g == NULL)) {
+ return (0);
+ }
+
+ if (p != NULL) {
+ BN_free(dh->p);
+ dh->p = p;
+ }
+ if (q != NULL) {
+ BN_free(dh->q);
+ dh->q = q;
+ }
+ if (g != NULL) {
+ BN_free(dh->g);
+ dh->g = g;
+ }
+
+ if (q != NULL) {
+ dh->length = BN_num_bits(q);
+ }
+
+ return (1);
+}
+#endif /* !HAVE_DH_GET0_KEY && OPENSSL_VERSION_NUMBER < 0x30000000L */
+
 #if !HAVE_ERR_GET_ERROR_ALL
 static const char err_empty_string = '\0';
diff --git a/lib/dns/openssl_shim.h b/lib/dns/openssl_shim.h
index e386cf858a..2e87ac66ba 100644
--- a/lib/dns/openssl_shim.h
+++ b/lib/dns/openssl_shim.h
@@ -12,6 +12,7 @@
 #pragma once
 #include
+#include
 #include
 #include
 #include
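Review bot: DH_set0_key and DH_set0_pqg free the BIGNUM already installed in `dh` before storing the new one (`BN_free(dh->p); dh->p = p;`), so a caller that hands back the pointer it obtained from DH_get0_key/DH_get0_pqg, or the one it installed earlier, leaves a freed object inside the structure; now that the shims have external linkage and are shared across the library that contract is no longer local to openssldh_link.c, and nothing in the hunk documents it. A block comment above DH_set0_key and DH_set0_pqg should state that the BIGNUMs are taken over by `dh` on success, must not be the ones `dh` already holds, and that on DH_set0_pqg's `return (0)` path nothing has been consumed so the caller still owns all three. As far as I recall that is also how the real OpenSSL 1.1.0 functions behave, so the fix is documentation rather than code.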
@@ -57,6 +58,22 @@ int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s);
 #endif /* !HAVE_ECDSA_SIG_GET0 */
+#if !HAVE_DH_GET0_KEY
+void
+DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key);
+
+int
+DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key);
+
+void
+DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
+
+int
+DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
+
+#define DH_clear_flags(d, f) ((d)->flags &= ~(f))
+#endif /* !HAVE_DH_GET0_KEY */
+
 #if !HAVE_ERR_GET_ERROR_ALL
 unsigned long ERR_get_error_all(const char **file, int *line, const char **func,
diff --git a/lib/dns/openssldh_link.c b/lib/dns/openssldh_link.c
index 5bee2fc6f1..5d2f8b22d7 100644
--- a/lib/dns/openssldh_link.c
+++ b/lib/dns/openssldh_link.c
@@ -40,6 +40,7 @@
 #include "dst_internal.h"
 #include "dst_openssl.h"
 #include "dst_parse.h"
+#include "openssl_shim.h"
 #define PRIME2 "02"
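Review bot: The guard on the new declarations, `#if !HAVE_DH_GET0_KEY`, is narrower than the one this same commit puts around the definitions in openssl_shim.c, `#if !HAVE_DH_GET0_KEY && OPENSSL_VERSION_NUMBER < 0x30000000L`. Against OpenSSL 3.x with HAVE_DH_GET0_KEY unset (the extra version test in the .c suggests that combination is anticipated, presumably because the configure probe can fail on the deprecated DH API) the header would declare shims that no translation unit defines, and would turn `DH_clear_flags` into a macro reading `(d)->flags` on a DH that, as far as I recall, has been opaque since 1.1.0, shadowing libcrypto's own function. Use one condition in both files, `#if !HAVE_DH_GET0_KEY && OPENSSL_VERSION_NUMBER < 0x30000000L` with a matching `#endif /* !HAVE_DH_GET0_KEY && OPENSSL_VERSION_NUMBER < 0x30000000L */`, or define a single helper macro for it once in this header and test that in both places.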
@@ -67,83 +68,6 @@ static BIGNUM *bn2 = NULL, *bn768 = NULL, *bn1024 = NULL, *bn1536 = NULL;
-#if !HAVE_DH_GET0_KEY
-/*
- * DH_get0_key, DH_set0_key, DH_get0_pqg and DH_set0_pqg
- * are from OpenSSL 1.1.0.
- */
-static void
-DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key) {
- if (pub_key != NULL) {
- *pub_key = dh->pub_key;
- }
- if (priv_key != NULL) {
- *priv_key = dh->priv_key;
- }
-}
-
-static int
-DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key) {
- if (pub_key != NULL) {
- BN_free(dh->pub_key);
- dh->pub_key = pub_key;
- }
-
- if (priv_key != NULL) {
- BN_free(dh->priv_key);
- dh->priv_key = priv_key;
- }
-
- return (1);
-}
-
-static void
-DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q,
- const BIGNUM **g) {
- if (p != NULL) {
- *p = dh->p;
- }
- if (q != NULL) {
- *q = dh->q;
- }
- if (g != NULL) {
- *g = dh->g;
- }
-}
-
-static int
-DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) {
- /* If the fields p and g in d are NULL, the corresponding input
- * parameters MUST be non-NULL. q may remain NULL.
- */
- if ((dh->p == NULL && p == NULL) || (dh->g == NULL && g == NULL)) {
- return (0);
- }
-
- if (p != NULL) {
- BN_free(dh->p);
- dh->p = p;
- }
- if (q != NULL) {
- BN_free(dh->q);
- dh->q = q;
- }
- if (g != NULL) {
- BN_free(dh->g);
- dh->g = g;
- }
-
- if (q != NULL) {
- dh->length = BN_num_bits(q);
- }
-
- return (1);
-}
-
-#define DH_clear_flags(d, f) (d)->flags &= ~(f)
-
-#endif /* !HAVE_DH_GET0_KEY */
-
 static isc_result_t openssldh_computesecret(const dst_key_t *pub, const dst_key_t *priv, isc_buffer_t *secret) {